Portswigger (the company that makes Burp Suite) is out with their Top 10 web application hacking techniques.
https://portswigger.net/research/top-10-web-hacking-techniques-of-2019
Solid evidence that APIs are becoming the main target for credential stuffing attacks.
https://www.csoonline.com/article/3527858/apis-are-becoming-a-major-target-for-credential-stuffing-attacks.html
Another decent writeup for template injection. Attacks like this are becoming SO much more common in SPAs.
http://ghostlulz.com/angularjs-client-side-template-injection-xss/
That's the news, people. Stay safe out there.